| name | owasp-cicd |
| description | OWASP CI/CD Top 10 knowledge base for identifying, assessing, and remediating CI/CD pipeline security risks. |
| license | CC-BY-SA-4.0 |
| user-invocable | false |
| metadata | {"authors":"OWASP CI/CD Security Project","spec_version":"1.0","framework_revision":"1.0.0","last_updated":"2026-02-16","skill_based_on":"https://github.com/chris-buckley/agnostic-prompt-standard","content_based_on":"https://owasp.org/www-project-top-10-ci-cd-security-risks/"} |
OWASP® CI/CD Top 10 — Skill Entry
This SKILL.md is the entrypoint for the OWASP CI/CD Top 10 skill.
The skill encodes the OWASP Top 10 CI/CD Security Risks as structured, machine-readable references
that an agent can query to identify, assess, and remediate CI/CD pipeline security risks.
Normative references (CI/CD Top 10)
- 00 Vulnerability Index
- 01 Insufficient Flow Control Mechanisms
- 02 Inadequate Identity and Access Management
- 03 Dependency Chain Abuse
- 04 Poisoned Pipeline Execution
- 05 Insufficient PBAC
- 06 Insufficient Credential Hygiene
- 07 Insecure System Configuration
- 08 Ungoverned Usage of 3rd Party Services
- 09 Improper Artifact Integrity Validation
- 10 Insufficient Logging and Visibility
Skill layout
SKILL.md — this file (skill entrypoint).
references/ — the CI/CD Top 10 normative documents.
00-vulnerability-index.md — index of all vulnerability identifiers, categories, and cross-references.
01 through 10 — one document per vulnerability aligned with OWASP CI/CD Security numbering.
Third-Party Attribution
Copyright © OWASP Foundation.
OWASP® Top 10 CI/CD Security Risks content is derived from works by the
OWASP Foundation, licensed under CC BY-SA 4.0
(https://creativecommons.org/licenses/by-sa/4.0/).
Source: https://owasp.org/www-project-top-10-ci-cd-security-risks/
Modifications: Vulnerability descriptions restructured into agent-consumable reference
documents with added detection and remediation guidance.
OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.